id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
2939	msLoadQuery() does not validate file extension when loading saved query files	sdlime	sdlime	"This can be used to probe a system for files that ARE NOT present. Since any value can be passed the code will attempt to open then file and then if missing will report that that fact. The solution is to validate the file extension before accessing the file and if not ending with .qy throw an error. Basically mirroring behavior used with mapfiles.

Might also make sense to add a magic key at the top of the file for further validation.

Steve"	defect	closed	high	6.0 release	MapServer C Library	unspecified	normal	fixed		jmckenna